Discuss mailing list

[Niels Dettenbach <nd AT syndicat.com>]

Am Mittwoch, 30. Mai 2012, 18:40:28 schrieb Alex Hanselka:
> I'd just like to mention that you can't get a commercial cert for an
> opennic DNS. IF you find a place, let me know.

hmmm,
if there are interest in (non-commercial) OpenNIC SSL certs i'm open to set 
up 
a x509 SSL/TLS CA for server, user, code and other certificate types within 
OpenNIC - incl. a simple web GUI for diggin in the CA and for certificates by 
web.

Shure, the CA root is not preinstalled in the browsers but the single root CA 
cert could be published anywhere centrally on the OpenNIC website or on 
similiar places. This means OpenNIC users has to install one root cert by 
click into their browsers / client systems once to get full SSL/TLS 
authentication of servers etc. within such a OpenNIC CA / within OpenNIC.

With cross certs other CAs could play "sub" CA and handle their own CA.

To get a minimum security level i.e. the domain holder has to place some file 
and/or accept and react to some email in his domain space.

Getting "highler" levels i.e. on a domain holder it may make sense that:

 - OpenNIC establishes a WHOIS
 - OpenNIC CA acts against that WHOIS


For minimum requirements the Whois should offer regarding domain holders 
email 
addresses / contacts or similiar.

This are just some first / short ideas here and not be fully thinked 
thoroughly...


best regards,


Niels.

-- 
 ---
 Niels Dettenbach
 Syndicat IT & Internet
 http://www.syndicat.com
 ---

Attachment: signature.asc
Description: This is a digitally signed message part.